Reporting to the Director of Information & Communications Technology (ICT) and the Manager (Cybersecurity), you will play a crucial role in ensuring the security and compliance of the College’s information systems. Your primary responsibility will be to implement and maintain the ISO 27001 standard, which sets the framework for an effective Information Security Management System.
You will communicate new key security initiatives and risks to the ICT team to ensure comprehensive understanding and identification of information risks. Knowledge and experience in cybersecurity technologies, risk assessment, incident response and vulnerability management will be vital in ensuring integrity, confidentiality and availability of our systems. You will coordinate internal and external audits to assess the College’s compliance with ISO 27001 standards and other relevant regulations and collaborate with auditors and stakeholders to address audit findings and implement corrective actions.
Your responsibilities include but are not limited to the following:
- Analyse and correlate information security events to identify appropriate event handling actions.
- Perform security assessments and penetration testing to identify vulnerabilities in network infrastructure, applications and systems.
- Collaborate with relevant teams to implement necessary security controls and safeguards.
- Collate and document information related to IT security attacks, threats, risks and controls.
- Establish review procedures based on the College's security risk management plan.
- Evaluate the effectiveness of the current incident response plan against industry best practices.
- Identify threats and risks that are relevant to the College's operations and systems.
- Monitor the effectiveness of action plans in addressing information risks.
- Prepare information security performance reports based on results from analysis and correlation of information security events.
- Assist in implementing security policies, standards and procedures by considering the threats identified and other information collected.
- Assist in implementing and managing security monitoring tools and systems to detect and respond to potential security incidents.
- Monitor security logs, investigate suspicious activities and recommend appropriate actions.
- Test incident response plans periodically to ensure response times and executed procedures are acceptable.
- Preferably a bachelor’s degree in computer science, information systems, infocomm security management or related professional qualifications from an established university.
- Preferably three years and above (or equivalent) of experience in an IT support, network, systems or cybersecurity function.
- Diploma holders with eight years and above of relevant experience may apply.
- Candidates without relevant working experience, or who possess a polytechnic diploma with at least five years of relevant experience, may apply and will be considered for an entry-level or executive-level equivalent role.
- Understanding of incident response procedures and security incident handling including escalating to other support groups.
- Experience in security management and security governance, including managing ISO 27001 standards within an organisation, would be an added advantage.
- Resourceful with good problem-solving, presentation and data analytics skills.
- Strong written communication skills and interpersonal skills.
- Ability to work well independently and as a member of a team, and collaborate with colleagues at all levels.
Interested applicants are invited to apply directly at the LASALLE careers portal. Closing date is 15 February 2024 or until the position is filled. We regret that only shortlisted candidates will be notified.